CVE-2025-22245

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.9MEDIUM

EPSS

0.2%

top 62.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Vmware NSX Vmware Cloud Foundation Vmware Telco Cloud Infrastructure +2 more

Timeline

PublishedJun 4

Description

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:LExploitability: 1.7 | Impact: 3.7

Affected Packages5 packages

▶NVDbroadcom/vmware_nsx3.2 — 4.1.2.6+2

▶NVDvmware/cloud_foundation4.5 — 5.2.1.2

▶NVDvmware/telco_cloud_platform3.0 — 5.0

▶NVDvmware/telco_cloud_infrastructure2.2 — 3.0

▶CVEListV5vmware/vmware_nsxVMware NSX 4.0.x, VMware NSX 4.1.x, VMware NSX 4.2.x

🔴Vulnerability Details

CVEList

CVE-2025-22245: VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation↗2025-06-04

▶

GHSA

GHSA-p5wf-c3gw-cq7c: VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation↗2025-06-04

▶